This vulnerability is an instance of a use after free vulnerability in Acrobat's JavaScript engine, related to the collaboration functionality. The vulnerability is triggered by a crafted PDF file with JavaScript code that invokes undocumented animateSyncButton method on Collab object which can trigger access violation exception in Acrobat Reader because of a dangling reference left as a consequence of freeing an object. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can provide attacker with an unintended memory access -- potentially leading to code corruption, control-flow hijack, or information leak attack. Successful exploitation could lead to arbitrary code execution. |